Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

286 New today
64,930 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
292
Jun 23
Jun 24
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-54007

Open WebUI: Cross-origin postMessage confirmation bypass via action:submit_CVE-2026-54007

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows...

open-webui open-webui < 0.9.6 CVE
MEDIUM 4.3 CVE-2026-54006

Open WebUI: Calendar event re-parenting allows writing events into another user’s calendar_CVE-2026-54006

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, POST /api/v1/calendars/events/{e...

open-webui open-webui < 0.9.6 CVE
MEDIUM 5.3 CVE-2026-50221

CVE-2026-50221_CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-De...

OpenStack Swift 2.0.0 CVE
MEDIUM 5.2 CVE-2026-49983

Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access_CVE-2026-49983

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with ...

denoland deno < 2.8.1 CVE
MEDIUM 5.2 CVE-2026-49860

Deno: WebSocket API sandbox bypass via missing post-DNS check_CVE-2026-49860

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when a WebSocket connection was opened, Deno checked the destination hos...

denoland deno < 2.8.1 CVE
MEDIUM 5.2 CVE-2026-49859

Deno: `fetch()` API sandbox bypass via missing DNS resolution check_CVE-2026-49859

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch() was called, Deno checked the destination hostname against -...

denoland deno < 2.8.1 CVE
HIGH 7.4 CVE-2026-49440

Deno: Miller-Rabin Primality Test Allows Zero Rounds_CVE-2026-49440

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.chec...

denoland deno < 2.8.1 CVE
MEDIUM 6.5 CVE-2026-49411

Deno Node TCPWrap numeric hostname aliases bypass –deny-net resolved-IP deny checks_CVE-2026-49411

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the or...

denoland deno < 2.8.0 CVE
MEDIUM 5.5 CVE-2026-49406

Deno: BYONM module resolution allows `package.json` main path traversal to bypass `–allow-read` restrictions_CVE-2026-49406

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode (nodeModulesDir: "manual"), the module ...

denoland deno < 2.7.12 CVE